tags:

views:

48

answers:

1
Q: 

Dynamic tablename in DAO.cfc?

I'm writing a subsystem that tables might be renamed from project to project.

Instead of asking the user of my subsystem to search & replace before using it, does this work?

<cfquery name="local.foo" datasource="#dsn#">
  SELECT col1, col2, col3
  FROM #tableName#
</cfquery>

Without <cfqueryparam>, will it become non-cacheable? or any other issues? (assume SQL-injection is not an issue)

I don't think I can use <cfqueryparam> for table name, right?

Thanks.

+1  A: 

That'll work, sure. CF simply converts all variables to their values and sends the string to the database driver.

Be very, very careful, though. As you've implied, this could set you up for some nasty SQL injection.

Al Everett  2009-08-21 12:22:45
If you are using MySQL, you can escape the tableName to make it SQL safe by wrapping the string with backticks such as: `#tableName#`. Other databases will have their own ways of escaping table and column names.
Greg S  2010-03-18 20:21:27

related questions

Restarting ColdFusion mail queue
ColdFusion mail queue stops processing
in ColdFusion 8, can you declare a function as private using cfscript?
ColdFusion Template Request count optimization
How do I speed up data retrieval from .NET AD within ColdFusion
How to call a function dynamically that is part of an instantiated cfc, without using Evaluate()?
Using Google Maps in Coldfusion
We're manually mapping our internal data elements to external vendors' xml schema. there's gotta be a better way...
How do I turn a ColdFusion page into a PDF download?
Importing Access data into SQL Server using ColdFusion
jquery: JFrame plugin fails in IE 7
How do I programatically sanitise coldfusion cfquery parameters.
ColdFusion: Is it safe to leave out the variables keyword in a CFC?
How should you go about learning ASP.NET after life as a ColdFusion developer?
BOM not expected in CF but sent by IIS/SP
cfqueryparam with like operator in coldfusion
Is it possible to find code coverage in ColdFusion?
How can you test to see if two arrays are the same using CFML?
Why is my PDF footer text invisible?
Coldfusion - When to use the "request" scope?
How do I convert images between CMYK and RGB in ColdFusion (java)?
How do I use NTLM authentication with Active Directory
Dynamic Alphabetical Navigation
Wrapping lists into columns
How to get started "writing" a code coverage tool?